Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Zig

R

C#

Scala

Elixir

PHP

Julia

Java

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Elm

Groovy

Nix

F#

C++

Ada

PowerShell

Java

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇲🇵 Northern Mariana Islands

🇪🇸 Spain

🇲🇽 Mexico

🇸🇱 Sierra Leone

🇸🇰 Slovakia

🇬🇮 Gibraltar

🇺🇸 United States

🇰🇿 Kazakhstan

All Countries Compare Countries

Shivangx01b/CorsMe

Stars
156
Rank 239,589 (Top 5 %)
Language
Go
Created over 4 years ago
Updated over 1 year ago

Shivangx01b/CorsMe

Shivangx01b

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Cross Origin Resource Sharing MisConfiguration Scanner

What is CorsMe ?

A cors misconfiguration scanner tool based on golang with speed and precision in mind !

Misconfiguration type this scanner can check for

Reflect Origin checks
Prefix Match
Suffix Match
Not Esacped Dots
Null
ThirdParties (Like => github.io, repl.it etc.)
- Taken from Chenjj's github repo
SpecialChars (Like => "}","(", etc.)
- See more in Advanced CORS Exploitation Techniques

How to Install

$ go get -u -v github.com/shivangx01b/CorsMe

Usage

Single Url

echo "https://example.com" | ./CorsMe

Multiple Url

cat http_https.txt | ./CorsMe -t 70

Allow wildcard .. Now if Access-Control-Allow-Origin is * it will be printed

cat http_https.txt | ./CorsMe -t 70 -wildcard

Add header if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header "Cookie: Session=12cbcx...."

Save output in a file

cat http_https.txt | ./CorsMe -t 70 -output audit.logs

Add another method if required

cat http_https.txt | ./CorsMe -t 70 -wildcard -header "Cookie: Session=12cbcx...." -method "POST"

Tip

subfinder -d hackerone.com -nW -silent | ./httprobe -c 70 -p 80,443,8080,8081,8089 | tee http_https.txt
cat http_https.txt | ./CorsMe -t 70

Screenshot

Note:

Scanner stores the error results as "error_requests.txt"... which contains hosts which cannot be requested

Ideas for making this tool are taken from :

BountyIt

A fuzzer made in golang for finding issues like xss, lfi, rce, ssti...that detects issues using change in content length and verify it using signatures

Scan-Shark

A Simple Network scanner which uses nmap and it's version scanning capability to get the version name and search for it's respective exploit :) Now also search exploits in exploitdb

Exploitdb-search

Exploitdb website search module written in python to ease you task ... No local db for exploitdb is need ...It just uses google dorks and some scrapping to make the exploit searching easy as searcsploit

HTB

Some autopwn and RCE scripts of retired box :)

Fresh-Dns

Get fresh list of resolvers every day..